<authentication_jwt_guide>
<title>AUTHENTICATION & JWT VULNERABILITIES</title>

<critical>Authentication flaws lead to complete account takeover. JWT misconfigurations are everywhere.</critical>

<jwt_structure>
header.payload.signature
- Header: {% raw %}{"alg":"HS256","typ":"JWT"}{% endraw %}
- Payload: {% raw %}{"sub":"1234","name":"John","iat":1516239022}{% endraw %}
- Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
</jwt_structure>

<common_attacks>
<algorithm_confusion>
RS256 to HS256:
- Change RS256 to HS256 in header
- Use public key as HMAC secret
- Sign token with public key (often in /jwks.json or /.well-known/)
</algorithm_confusion>

<none_algorithm>
- Set {% raw %}"alg": "none"{% endraw %} in header
- Remove signature completely (keep the trailing dot)
</none_algorithm>

<weak_secrets>
Common secrets: 'secret', 'password', '123456', 'key', 'jwt_secret', 'your-256-bit-secret'
</weak_secrets>

<kid_manipulation>
- SQL Injection: {% raw %}"kid": "key' UNION SELECT 'secret'--"{% endraw %}
- Command injection: {% raw %}"kid": "|sleep 10"{% endraw %}
- Path traversal: {% raw %}"kid": "../../../../../../dev/null"{% endraw %}
</kid_manipulation>
</common_attacks>

<advanced_techniques>
<jwk_injection>
Embed public key in token header:
{% raw %}{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}{% endraw %}
</jwk_injection>

<jku_manipulation>
Set jku/x5u to attacker-controlled URL hosting malicious JWKS
</jku_manipulation>

<timing_attacks>
Extract signature byte-by-byte using verification timing differences
</timing_attacks>
</advanced_techniques>

<oauth_vulnerabilities>
<authorization_code_theft>
- Exploit redirect_uri with open redirects, subdomain takeover, parameter pollution
- Missing/predictable state parameter = CSRF
- PKCE downgrade: remove code_challenge parameter
</authorization_code_theft>
</oauth_vulnerabilities>

<saml_attacks>
- Signature exclusion: remove signature element
- Signature wrapping: inject assertions
- XXE in SAML responses
</saml_attacks>

<session_attacks>
- Session fixation: force known session ID
- Session puzzling: mix different session objects
- Race conditions in session generation
</session_attacks>

<password_reset_flaws>
- Predictable tokens: MD5(timestamp), sequential numbers
- Host header injection for reset link poisoning
- Race condition resets
</password_reset_flaws>

<mfa_bypass>
- Response manipulation: change success:false to true
- Status code manipulation: 403 to 200
- Brute force with no rate limiting
- Backup code abuse
</mfa_bypass>

<advanced_bypasses>
<unicode_normalization>
Different representations: admin@exａmple.com (fullwidth), аdmin@example.com (Cyrillic)
</unicode_normalization>

<authentication_chaining>
- JWT + SQLi: kid parameter with SQL injection
- OAuth + XSS: steal tokens via XSS
- SAML + XXE + SSRF: chain for internal access
</authentication_chaining>
</advanced_bypasses>

<tools>
- jwt_tool: Comprehensive JWT testing
- Check endpoints: /login, /oauth/authorize, /saml/login, /.well-known/openid-configuration, /jwks.json
</tools>

<validation>
To confirm authentication flaw:
1. Demonstrate account access without credentials
2. Show privilege escalation
3. Prove token forgery works
4. Bypass authentication/2FA requirements
5. Maintain persistent access
</validation>

<false_positives>
NOT a vulnerability if:
- Requires valid credentials
- Only affects own session
- Proper signature validation
- Token expiration enforced
- Rate limiting prevents brute force
</false_positives>

<impact>
- Account takeover: access other users' accounts
- Privilege escalation: user to admin
- Token forgery: create valid tokens
- Bypass mechanisms: skip auth/2FA
- Persistent access: survives logout
</impact>

<remember>Focus on RS256->HS256, weak secrets, and none algorithm first. Modern apps use multiple auth methods simultaneously - find gaps in integration.</remember>
</authentication_jwt_guide>
